
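I have a backend service in AS 5.0.1 that is exposed externally using ESB 4.5.0 with a UT security policy. This proxy service uses the Entitlement mediator to validate the user's authorization to access the service, and for that I use IS 4.0.0. This scenario works fine in previous WSO2 product versions.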

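I implemented this scenario on my laptop with IS 3.2.3 and it worked without problems. When I uploaded the configuration to the production server, I got the following error. Note: on the production server I used two tenants, for AS and ESB.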

Error:

TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,787] ERROR {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator} -  org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_MESSAGE : User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,791]  WARN {org.apache.synapse.FaultHandler} -  ERROR_DETAIL : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed
        at org.wso2.carbon.identity.entitlement.mediator.EntitlementMediator.mediate(EntitlementMediator.java:135)
        at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:60)
        at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:144)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.doSOAP(MultitenantMessageReceiver.java:233)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.processRequest(MultitenantMessageReceiver.java:181)
        at org.wso2.carbon.core.multitenancy.MultitenantMessageReceiver.receive(MultitenantMessageReceiver.java:77)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,792]  WARN {org.apache.synapse.FaultHandler} -  ERROR_EXCEPTION : org.apache.synapse.SynapseException: User name not provided for the Entitlement mediator - can't proceed {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793]  WARN {org.apache.synapse.FaultHandler} -  FaultHandler : org.apache.synapse.mediators.MediatorFaultHandler@563ac83c {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,793]  WARN {org.apache.synapse.mediators.MediatorFaultHandler} -  Executing fault handler mediator : fault {org.apache.synapse.mediators.MediatorFaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-14 00:14:43,794]  INFO {org.apache.synapse.mediators.builtin.LogMediator} -  To: local://axis2services/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint, WSAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, SOAPAction: http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor, MessageID: urn:uuid:D4E74AEA911A3C697B1352870083848, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20"><wsse:Username>admin</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">*****</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce><wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created></wsse:UsernameToken><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19"><wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created><wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action><wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID><wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To></soapenv:Header><soapenv:Body>
      <prof:obtenerDatosProfesor>
         <prof:solapin>****</prof:solapin>
      </prof:obtenerDatosProfesor>
   </soapenv:Body></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}

My SOAP message:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:prof="http://cdae.uci.cu/schemas/Profesor">   
   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-20">
            <wsse:Username>admin</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">****</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">Rs/AfaxxkrPr6FbTKaKUUg==</wsse:Nonce>
            <wsu:Created>2012-11-14T05:14:46.624Z</wsu:Created>
         </wsse:UsernameToken>
         <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-19">
            <wsu:Created>2012-11-14T05:14:46.623Z</wsu:Created>
            <wsu:Expires>2012-11-14T05:48:06.623Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
      <wsa:Action>http://cdae.uci.cu/servicios/Servicio_Profesor/obtenerDatosProfesor</wsa:Action>
      <wsa:MessageID>uuid:20a1b0e1-43f6-49ab-b523-8da4b36043ad</wsa:MessageID>
      <wsa:To>https://server:8243/services/t/ptesisesb.cdae.uci.cu/Profesor_Proxy.Profesor_ProxyHttpsSoap11Endpoint</wsa:To>
   </soapenv:Header>   
   <soapenv:Body>      
      <prof:obtenerDatosProfesor>         
         <prof:solapin>*****</prof:solapin>      
      </prof:obtenerDatosProfesor>   
   </soapenv:Body>
</soapenv:Envelope>

My proxy service:

<proxy xmlns="http://ws.apache.org/ns/synapse" name="Profesor_Proxy" transports="https" statistics="enable" trace="enable" startOnLoad="true">
   <target inSequence="conf:/secuenciasutiles/log_seguridad_mejorado" outSequence="conf:/gestion_tesis/servicioProfesor/secuencias/centralAssetsOUT" faultSequence="fault"/>
   <publishWSDL key="conf:/gestion_tesis/servicioProfesor/wsdl/Servicio_Profesor1.wsdl"/>
   <parameter name="addressingRequirementParameter">required</parameter>
   <description></description>
</proxy>

And the sequence that contains the Entitlement mediator:

<sequence xmlns="http://ws.apache.org/ns/synapse" onError="conf:/secuenciasutiles/falla_de_conexion">
   <entitlementService remoteServiceUrl="https://server:9448/services/" remoteServiceUserName="admin" remoteServicePassword="*****" onReject="conf:/secuenciasutiles/log_cuando_no_pasa" onAccept="conf:/secuenciasutiles/log_cuando_pasa" advice=""/>
</sequence>

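In this sequence I also see that the onAccept sequence sometimes disappears.

What is the problem? I am using a UT policy, and the username appears in the incoming message to the ESB.

I was able to fix this error, but I am facing another problem. I am using the same configuration on different servers, but it works on one server and not on another. In this particular case the entitlement works, because I see the request/response with a Permit value in IS 4.0.0.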

Error:

TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,359] ERROR {org.apache.synapse.core.axis2.Axis2Sender} -  Unexpected error during sending message out {org.apache.synapse.core.axis2.Axis2Sender}
org.apache.axis2.AxisFault: No user value in the rampart configuration policy
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
        at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
        at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
        at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
        at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
        ... 21 more
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,366]  WARN {org.apache.synapse.FaultHandler} -  ERROR_CODE : 0 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367]  WARN {org.apache.synapse.FaultHandler} -  ERROR_MESSAGE : Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,367]  WARN {org.apache.synapse.FaultHandler} -  ERROR_DETAIL : org.apache.synapse.SynapseException: Unexpected error during sending message out
        at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:170)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:69)
        at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:281)
        at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:297)
        at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:59)
        at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:165)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:181)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
        at org.apache.synapse.transport.nhttp.ServerWorker.processEntityEnclosingMethod(ServerWorker.java:409)
        at org.apache.synapse.transport.nhttp.ServerWorker.run(ServerWorker.java:261)
        at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.axis2.AxisFault: No user value in the rampart configuration policy
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:117)
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
        at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:193)
        at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:175)
        at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
        at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:445)
        at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:57)
        ... 12 more
Caused by: org.apache.rampart.RampartException: No user value in the rampart configuration policy
        at org.apache.rampart.builder.BindingBuilder.addUsernameToken(BindingBuilder.java:210)
        at org.apache.rampart.builder.TransportBindingBuilder.build(TransportBindingBuilder.java:95)
        at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:140)
        at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:106)
        ... 21 more
 {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368]  WARN {org.apache.synapse.FaultHandler} -  ERROR_EXCEPTION : org.apache.synapse.SynapseException: Unexpected error during sending message out {org.apache.synapse.FaultHandler}
TID: [] [WSO2 Enterprise Service Bus] [2012-11-15 20:10:49,368]  WARN {org.apache.synapse.FaultHandler} -  FaultHandler : Endpoint [conf/HelloServiceAS] {org.apache.synapse.FaultHandler}

1 Answer


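Jorge,

The error usually occurs when the Entitlement mediator cannot extract the username of the user who is trying to access the target resource. Retrieving the username of a particular user is done by the appropriate entitlement callback handler implementation (by processing headers, etc.). However, try explicitly setting the entitlement callback handler parameter to "org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler", which handles retrieving the user's username when UT is applied to a particular service. (AFAIR, the entitlement callback handler parameter used to take the value above as its default.) Anyway, try setting it in the entitlement service mediator configuration as follows: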

<entitlementService remoteServiceUrl="https://localhost:9443/services/" remoteServiceUserName="admin" remoteServicePassword="admin" callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler"/>

Cheers, Prabath

answered 2012-11-15T03:30:14.973
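
An added example (not code from the answer or from WSO2): a small Python check over a Synapse sequence that reports `entitlementService` mediators with no `callbackClass`, the situation the answer addresses, along with a missing `onAccept`/`onReject` reference and an inline PDP password. The function name and finding codes are hypothetical, and the sample XML is constructed from the sequence in the question.

```python
import xml.etree.ElementTree as ET

SYNAPSE_NS = "http://ws.apache.org/ns/synapse"
# Class name as quoted in the answer above.
UT_HANDLER = ("org.wso2.carbon.identity.entitlement.mediator."
              "callback.UTEntitlementCallbackHandler")

# Constructed sample input: the question's sequence (password masked as on the page).
QUESTION_SEQUENCE = """<sequence xmlns="http://ws.apache.org/ns/synapse" onError="conf:/secuenciasutiles/falla_de_conexion">
   <entitlementService remoteServiceUrl="https://server:9448/services/" remoteServiceUserName="admin" remoteServicePassword="*****" onReject="conf:/secuenciasutiles/log_cuando_no_pasa" onAccept="conf:/secuenciasutiles/log_cuando_pasa" advice=""/>
</sequence>"""

# Constructed sample input: same mediator with callbackClass set as the answer suggests.
ANSWER_SEQUENCE = QUESTION_SEQUENCE.replace(
    ' advice=""', ' advice="" callbackClass="%s"' % UT_HANDLER)


def lint_entitlement_mediators(xml_text):
    """Return (finding_code, detail) tuples for each entitlementService element."""
    findings = []
    root = ET.fromstring(xml_text)
    for med in root.iter("{%s}entitlementService" % SYNAPSE_NS):
        callback = med.get("callbackClass")
        if not callback:
            # Username extraction then depends on whatever the product defaults to.
            findings.append(("NO_CALLBACK_CLASS", "relies on the product default"))
        elif callback != UT_HANDLER:
            findings.append(("OTHER_CALLBACK_CLASS", callback))
        url = med.get("remoteServiceUrl", "")
        if not url.lower().startswith("https://"):
            findings.append(("PDP_URL_NOT_HTTPS", url))
        if med.get("remoteServicePassword"):
            findings.append(("INLINE_PDP_PASSWORD", "credential stored in the sequence"))
        for attr in ("onAccept", "onReject"):
            # The question reports that the onAccept reference sometimes disappears.
            if not med.get(attr):
                findings.append(("MISSING_" + attr.upper(), "no sequence referenced"))
    return findings


if __name__ == "__main__":
    for name, xml_text in (("question", QUESTION_SEQUENCE), ("answer", ANSWER_SEQUENCE)):
        print(name, lint_entitlement_mediators(xml_text))
```
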